Executive Summary
Summary | |
---|---|
Title | Sun Alert 250306 A Security Vulnerability in the Solaris NFS Daemon (nfsd(1M)) May Allow Unauthorized Access to Data |
Informations | |||
---|---|---|---|
Name | SUN-250306 | First vendor Publication | 2009-03-09 |
Vendor | Sun | Last vendor Modification | 2009-03-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 10 Operating System OpenSolaris A security vulnerability in the Solaris NFS server (nfsd(1M)) may grant multiple security modes to certain NFSv3 remote clients and thereby allow remote unprivileged users on those clients to gain unauthorized access to shared files. Sun acknowledges with thanks Daniel Van Derveer, for discovering and reporting this issue. State: Resolved First released: 09-Mar-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_250306_a_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-06-03 | Name : Solaris Update for Obsoleted by 139462-02 File : nvt/gb_solaris_139462_02.nasl |
2009-06-03 | Name : Solaris Update for Obsoleted by 139463-02 File : nvt/gb_solaris_139463_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52560 | Solaris NFS Daemon sec=sys / sec=krb5 Security Mode Restriction Bypass |